4 predetermined standard add selectively allow transmission of such packets from the 

5 network to a protocol driver. 



1 31. (New) The distribujted packet based security system of claim 30, wherein the 

2 install is performed using a patching technique. 




1 

2 
3 
4 
5 
6 
7 



32. (New) The distributed packet based security system of claim 30, wherein each of 



the plurality computers fo 
first code of the distributee 



stores the protocol driver an d second code of the distributed packet based security system. 



wherein said second code is 
regarding packets received 



1 33. (New) The distribu 

2 install is performed remot 



a shared memory buffer between a user space that stores 
racket based security system and a system address space that 



coupled to said shared memory to store information 
over the network, and wherein said first code is coupled to the 



shared memory buffer to evaluate information stored in the shared memory buffer. 



ed packet based security system of claim 30, wherein the 
ly from a host computer on said network. 



1 34. (New) A computd: system comprising: 

2 a plurality of networked computers each including, 

3 a media access control unit coupled to the physical transmission medium 

4 of the network to extract packets from data provided across said medium; 

5 a protocol driver coupled to the media access control unit; and 

6 filter cjf)de installed in between the media access control unit and the 

7 protocol driver and enabled without shutdown or restart to evaluate said packets and 

8 selectively allow continued transmission of different ones of said packets to the protocol 

9 driver. 
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1 35. (New) The computer System of claim 34, wherein the install is performed using a 

2 patching technique. 



1 
2 
3 
4 
5 
6 
7 



36. (New) The computer! system of claim 34, wherein each of the plurality computers 
includes a shared memory buffer between a user space that stores a security application 
and a system address space that stores the media access control unit, the protocol driver, 
and the filter code, where/n said filter code is coupled to said shared memory to store 
information regarding packets received over the network, and wherein said security 
application is coupled to the shared memory buffer to evaluate information stored in the 
shared memory buffer./ 

37. (New) The computer system of claim 34, wherein the install is performed 
remotely from a hostf computer on said network. 



1 38. (New) A computer implemented method comprising: 

2 distributing from a remote host across a network to a plurality of computers code 

3 to be installed by/each of said plurality of computers, each of said plurality of computers 

4 including routines to be executed to provide a communication path between a media 

5 access control unit coupled to the network and a protocol driver, said communication path 

6 for packets transmitted across said network; 

7 transniitting froni the remote host to each of the plurality of computers a 

8 conmiand to pause each of the plurality of computers to execute said code; and 

9 each jbf the plurality of computers responsive to said cormnand performing, 

10 / installing a driver in the conmiunication path between the media access 

1 1 control unit and the protocol driver, said installed driver being enabled, without restart of 

12 said computer, to evaluate selectively allowing continued transmission of different ones 

13 of said plackets received over said network along the communication path. 
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1 39. (New) The method c|f claim 38, wherein said installing is performed using a 

2 patching technique. 



1 




1 

2 
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40. (New) The method/of claim 38, wherein each of the plurality computers 
responsive to said conmi^d also perform, forming a shared memory buffer between a 
system address space thac stores the protocol driver and a user space that stores a security 
application, wherein saiq driver is coupled to said shared memory to store information 
regarding packets received over the network, wherein said application is coupled to the 
shared memory buffer t<p evaluate information stored in the shared memory buffer. 

41. (New) The metnod of claim 39 wherein said installing includes installing the 
driver in-between the network driver interface and the protocol driver. 



1 42. (New) A maahine-readable medium that provides instructions, which when 

2 executed by a set o^ processors, cause said set of processors to perform operations 

3 comprising: 

4 distributing from a remote host across a network to a plurality of computers code 

5 to be installed bj/each of said plurality of computers, each of said plurality of computers 

6 including routines to be executed to provide a conmiunication path between a media 

7 access control unit coupled to the network and a protocol driver, said conununication path 

8 for packets transmitted across said network; 

9 transmitting from the remote host to each of the plurality of computers a 

10 command p cause each of the plurality of computers to execute said code; and 

1 1 eafch of the plurality of computers responsive to said conmiand performing, 

12 / installing a driver in the communication path between the media access 

13 control /unit and the protocol driver, said installed driver being enabled, without restart of 
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14' said computer, to evaluate se 
15 of said packets received over 



(actively allowing continued transmission of different ones 
;aid network along the communication path. 



1 43. (New) The machine-readable medium of claim 42, wherein said installing is 

2 performed using a patching technique. 




1 44. (New) The machine-readable medium of claim 42, wherein each of the plurality 

2 computers responsive to said conmiand also perform, foraiing a shared memory buffer 

3 between a system add/ess space that stores the protocol driver and a user space that stores 

4 a security application, wherein said driver is coupled to said shared memory to store 

5 information regarding packets received over the network, wherein said application is 

6 coupled to the shaded memory buffer to evaluate information stored in the shared memory 

7 buffer. 



1 45. (New) computer implemented method comprising: 

2 installing into each of a plurality of computers on a network code that is part of a 

3 distributed packet security system, said code being installed such that packets transmitted 

4 across said network to a given one of said plurality of computers is received by said code 

5 before being providing to a protocol driver; 

6 at least the first of said plurality of computers without being shutdown or 

7 restarte 

8 / receiving a packet from said network; and 

9 / said code executing on said first computer selectively forwarding said 

10 packet onto the protocol driver depending upon parameters of the distributed packet base 

1 1 security system. 
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1 ' 46. (New) The method of claim 45, wherein said instalHng is performed using a 

2 patching technique. 

1 47. (New) The methoc of claim 45, wherein said installing is performed remotely 

2 over said network. 



1 48. (New) A machinef-readable medium that provides instructions, which when 

2 executed by a set of processors, cause said set of processors to perform operations 

3 comprising: 

4 installing and enabling, without shutdown or restart, on each of a plurality of 

5 computers on a network code that is part of a distributed packet security system, said code 

6 being installed such that packets transmitted across said network to a given one of said 

7 plurality of computer^ is received by said code before being providing to a protocol 

8 driver; 

9 wherein said/code, when executed responsive to one of said plurality of computers 

10 receiving a packet fitom said network, selectively forwards said packet onto the protocol 

1 1 driver depending lipon parameters of the distributed packet base security system. 



1 49. (New). The machine-readable medium of claim 48, wherein said installing is 

2 performed usir^g a patching technique. 

1 50. (New]i The machine-readable medium of claim 48, wherein said installing is 

2 performed rdmotely over said network. 



1 51. (N^) A computer implemented method comprising; 

2 installing into each of a plurality of computers on a network first and second code 

3 that is par[ of a distributed packet security system, said first code being installed in a user 
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4' address space, said second code being installed in a system address space, said second 

5 code being installed such that packets transmitted across said network to a given one of 

6 said plurality of computeis is received by said second code before being providing to a 

7 protocol driver in said system space; 

8 at least the first ofjsaid plurality of computers without being shutdown or 

9 restarted, 

1 0 receiving k packet from said network; 

1 1 said second codelstoring at least certain information from said packet into a 

12 shared memory buffer b Jtween the user address space and the system address space; and 



said first 



code accessing information from said shared memory buffer. 



1 52. (New) The metl^od of claim 51, wherein said installing is performed using a 

2 patching technique. 

1 53. (New) The metjhod of claim 5 1 , wherein said installing is performed remotely 

2 over said network. 



1 54. (New) The method of claim 5 1 , wherein said second code is in a communication 

2 path between a network driver interface and the protocol driver. 



1 55. (New) A m^hine-readable medium that provides instructions, which when 

2 executed by a set o^ processors, cause said set of processors to perform operations 

3 comprising: 

4 installing/and enabling, without shutdown or restart, on each of a plurality of 

5 computers on a/network first and second code that is part of a distributed packet security 

6 system, said fif st code being installed in a user address space, said second code being 

7 installed in a^ystem address space, said second code being installed such that packets 
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